[pkg-netfilter-team] Bug#1063769: Segfault on latest stable nftables package on Bullseye
Jordi MORILLO
j.morillo at yeswehack.com
Mon Feb 12 14:18:30 GMT 2024
Package: nftables
Version: 0.9.8-3.1+deb11u2
Package: libnftables1
Version: 0.9.8-3.1+deb11u2
Since the upgrade of nftables/libnftables1 from 0.9.8-3.1+deb11u1 -> 0.9.8-3.1+deb11u2, nftables segfaults with these simple rules:
$ cat /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0;
    }
}
include "/etc/nftables.conf.d/*.conf"

$ cat /etc/nftables.conf.d/test.conf
table inet filter {
    set test {
        type ipv4_addr
        flags interval
        elements = { 1.2.3.4/32 }
    }
}
# systemctl start nftables -> segfault
# nft -cf /etc/nftables.conf -> segfault
There is no segfault with version 0.9.8-3.1+deb11u1, only with version 0.9.8-3.1+deb11u2.
If I move the test set into nftables.conf, there is no problem.
The segfault only occurs with the set declared inside the included file.
I'm using a fresh Bullseye install, fully up to date.
Best regards